What does this cover?

The Spanish Data Protection Agency (SDPA) has published its 'Strategic Plan' for the period 2015-2019 (Strategic Plan) after a period of public consultation in which citizens, experts in data protection matters, data controllers and all those public or private organisations invited to participate in the consultation took part. The final text of the Strategic Plan was published on 20 November 2015 after receiving almost 400 contributions from its participants.

The Strategic Plan is structured in five strategic pillars, namely:

  1. prevention for more effective protection of personal data,
  2. innovation and data protection: level of trust and guarantee of quality,
  3. a cooperative, transparent and participative SDPA,
  4. proximity of the SDPA to data controllers and privacy professionals, and
  5. agility and efficiency of the SDPA.  

The Strategic Plan bases its future action on several measures which pursue the following objectives:

  • Prevention activities, especially in areas with a major impact such as education and child protection, the treatment of data in the health sector or fraudulent recruitment.  
  • Initiatives that contribute to a climate of trust in the field of digital economy, promoting competitiveness of enterprises or the digital content development and ICT innovation industries.  
  • Proactive activities to detect the potential impact of new technological developments on privacy, and to promote compliance with Spanish and European legislation on data protection matters.  
  • Projects promoting communication with citizens and establishing stable relations with data controllers, data processors, and privacy professionals.  
  • Continuous improvement of the quality of the SDPA services, paying particular attention to the simplification of procedures, reducing processing times, optimising resources and the intensive use of eGovernment tools.  
  • Response to international challenges, especially with the forthcoming adoption of the GDPR.  

With regard to the impact of these measures on the insurance sector, which usually deals with common solvency files, it is necessary to focus on the first strategic pillar of the SDPA's Strategic Plan regarding prevention measures for more efficient protection of personal data. This strategic pillar will reinforce the prevention of violations of data protection legislation, and will focus, in particular, on the areas which lead to the highest number of complaints sent from data subjects to the SDPA. These areas are, according to the information provided by the SDPA, the telecommunications sector, the water and energy sector and the banking sector. It is important to highlight that in the draft text of the Strategic Plan submitted for consultation, the SDPA also included the insurance sector as one of the areas with the highest number of complaints; however, in the final version of the Strategic Plan this was eliminated, as was expected given the figures published by the SDPA related to complaints over the last few years.

The main lines of work that the SDPA intends to promote in this first strategic pillar are focused on the development of tools to promote public awareness of the rights and guarantees that assist data subjects, paying particular attention to the protection of citizens as regards their activities on the internet. They also include a specific line of work on the surveillance of the activities of companies in the abovementioned areas that traditionally cause a higher number of claims. This first strategic pillar also makes special mention of the particular attention that the SDPA will pay to the inclusion of data in common solvency files.

The full Strategic Plan is available here.

What action could be taken to manage risks that may arise from this development?

None – for interest only.

Submitted by Irene Robledo of Perez-Llorca – Madrid, Spain in partnership with DAC Beachcroft.